Privacy

Many corporations around the globe are preparing for May 2018, when Europe's General Data Protection Regulation (GDPR) enforcement kicks in. The regulation encompasses a wide range of nuanced privacy requirements that can be challenging to operationalize. In particular, requirements around the rights of European data subjects — which include the right to be forgotten and rights to access, rectification and objection to processing — will be some of the most difficult to address.

Following the Equifax Inc. breach that compromised personal information of 145.5 million Americans including more than 8 million New Yorkers, Attorney General Eric Schneiderman is proposing comprehensive legislation to tighten data security laws

The Company Failed to Notify 57 Million Users of a Breach In October 2016. Two Employees Tasked with Handling the Response Process Have Left the Company, Including Uber In-House Attorney Craig Clark, Who Reported to the Company’s Chief Security Officer.

Uber Technologies Inc. failed to notify 57 million users that their data was exposed in a breach, according to a company blog post published on November 21, which was confirmed by a source close to the matter.

Many corporations around the globe are preparing for May 2018, when Europe's General Data Protection Regulation (GDPR) enforcement kicks in. The regulation encompasses a wide range of nuanced privacy requirements that can be challenging to operationalize. In particular, requirements around the rights of European data subjects — which include the right to be forgotten and rights to access, rectification and objection to processing — will be some of the most difficult to address.

Nearly all of us access the World Wide Web on at least a daily basis. Yet for many of us, there is a fundamental lack of knowledge about the basic structure of the Internet and the way its different levels interact. This article provides a basic outline of the structure of the Web and some insight as to the purpose for and content housed on each level, as well as give some practical tips to avoid your company's data from ending up on the Dark Web.

Phishing is one of the more pervasive cyber attacks in the world, and while we've all received phishing emails, phishing attacks have become more sophisticated and come in different forms other than emails from Persian princes.

Regulators including the FTC, the Department of Health and Human Services Office of Civil Rights (OCR) — the agency responsible for enforcing the HIPAA rules for protected health information (PHI) — and state attorneys general have issued guidance and announced a number of settlements in data security cases that are instructive about measures that organizations can take to reduce the potential for a data breach or, if a breach does occur, provide appropriate notice.

The security industry all too often sells the next shiny object touted as the Holy Grail of security that protects against all cyber threats. And the following year, the next best thing hits the market and becomes the grail until proven fallible.

In the wake of suits filed against Equifax by consumers, businesses and governmental units, courts will have to grapple with the question of what remedies are appropriate. These issues are not unique to the Equifax incident, but the scope of the breach will undoubtedly lead to more debate than ever before.

This article provides a basic outline of the structure of the Web and some insight as to the purpose for and content housed on each level, as well as give some practical tips to avoid your company’s data from ending up on the Dark Web.

The big news in the fantasy sports arena this past summer was the announcement that competitors FanDuel and DraftKings, which make up more than 90% of the online market, would end their merger bid following the Federal Trade Commission's filing of an antitrust lawsuit against the companies. Now, there's good news for FanDuel and DraftKings on a different front, involving the use of athletes' personality components.

This two-part article is divided into three sections: 1) Social media, defined; 2) Examples of how social media has been used in family law cases; and 3) Ethical considerations for attorneys who gather social media evidence.

The purpose of this article is to shed some light on the EU-US Privacy Shield for business. This is vital in order to enable businesses to make an informed decision on whether or not to join this scheme.

Last month, the author discussed some of the technologies people are using today, such as fitness trackers and intelligent personal assistants, and the e-discovery implications they entail. Like these, automotive "Black Boxes" and drones could yield important information for those seeking evidence in a legal action.

“There’s really no such thing as the cloud, there are only other people’s computers.” This may have been true at first; but it is now worth some investigation if the present threat environment today demands a secure cloud.

"There's really no such thing as the cloud, there are only other people's computers." This may have been true at first; but it is now worth some investigation if the present threat environment today demands a secure cloud.

This is not the first time that a credit reporting agency has been breached, nor is it the first time that Equifax has reported a breach. What is different with the current breach is its size and the nature of information compromised, as well as the implications of the breach in light of the increasingly complex web of cybersecurity regulations nationwide.

Web "scraping" is one method of accumulating data that has sparked recent legal debate, both antitrust and otherwise. Legal challenges to Web scraping have involved privacy claims and claims under the federal Computer Fraud and Abuse Act, in addition to antitrust claims about the need to collect public data to be able to compete freely.

Even the Securities and Exchange Commission (SEC) can get hacked — and the recently announced cyber attack against the SEC is providing an important wake-up call for U.S. companies regulated by the powerful agency and the attorneys they work with.

In an effort to continue to capture ongoing and new business, vendors may be opening themselves up to liability due to poorly drafted contracts with companies. In addition, in a rush by companies to have data shifted to the cloud, privacy concerns may be dangerously minimized.

Analyzing data from mobile devices is still uncharted territory for many in Legal and IT. Accordingly, today's modern legal and technology professionals need to brush-up on all things mobile. This includes understanding where applicable data resides in a mobile device and what common challenges are associated with accessing, preserving and extracting this data. One such app taking the mobile device world by storm is WhatsApp.

The legal industry is still lulled into a false sense of security, mistakenly assuming that they are immune to a significant IT business outage, and that those unfortunate firms affected by cybercriminals were somehow lacking in adequate cybersecurity presages. That's simply not true. Even Achilles had a weak spot.

Analyzing data from mobile devices is still uncharted territory for many in Legal and IT. Accordingly, today's modern legal and technology professionals need to brush up on all things mobile. This includes understanding where applicable data resides in a mobile device and what common challenges are associated with accessing, preserving and extracting this data.

The recent takedown of dark Web marketplace AlphaBay represented a major success for law enforcement agencies in the U.S. and around the world. However, experts caution that its effect on mitigating the overall level of cyberthreat faced by corporations and law firms alike, while significant, will likely be temporary at best.

The recent takedown of dark web marketplace AlphaBay represented a major success for law enforcement agencies in the U.S. and around the world. However, experts caution that its effect on mitigating the overall level of cyberthreat faced by corporations and law firms alike, while significant, will likely be temporary at best.

A federal judge in San Jose, CA, has signed off on a $22.5 million deal Google Inc. reached in a long-running class action accusing the company of overcharging certain customers using its AdWords keyword advertising program.

The Disney Princess Palace Pets app allows children to play with, bathe and accessorize about 10 different virtual pets. Sounds innocent enough. But according to a new lawsuit, The Walt Disney Co. and its software partners are illegally using the app — and dozens of others aimed at kids — to track the online activity of youngsters to serve them targeted ads.

Internet professional responsibility and client privacy difficulties are intimately associated with the services offered by lawyers. Electronic attorney services result in data gathering, information exchange, document transfers, enhanced communications and novel opportunities for marketing and promotion. These services, in turn, provide an array of complicated ethical issues that can present pitfalls for the uninitiated and unwary.

It's important to have a restorative plan in addition to a preventative plan for your IT systems. Here are a few steps a law firm can take to ensure critical case data remains intact and accessible after a cybersecurity breach.

The scope of WannaCry changed our perceptions of ransomware attacks. Until then, the more highly publicized ransomware incidents were localized targets impacting only one or a small number of businesses. WannaCry made it clear that ransomware could reach a broad cross-section of computers worldwide, at essentially the same time.

Encryption can play a vital role in securing data, but it needs to be considered within the context of a firm’s overall IT security strategy. Whether, when and how to encrypt requires a careful look at what data the firm keeps, and how much protection it needs. This article explains how encryption can be used to guard against the reputational, financial and legal damage a breach of sensitive data can cause to law firms.

Cyber attacks and theft are on the rise around the country, and law firms are becoming prime targets. Similar to healthcare providers, a law firm’s data can be the gold standard. Unlike manufacturers, banks and retailers, law firms are unique organizations that result in them being highly vulnerable.

The use of business email accounts and digital devices for personal communications can be risky for both employers and employees. However, employees of all levels may be commingling corporate communications with their personal information, according to new research.

When a database is breached in one way or another, the results can be devastating. Many companies suffering this kind of loss turn to litigation, often under the Computer Fraud and Abuse Act, which prohibits improperly accessing a protected computer. There is, however, a growing consensus in the Second Circuit that recovery of certain forms of damages under the CFAA simply is not permitted.

The ransomware attack on June 27 on DLA Piper sounded an alarm for Big Law. The world’s biggest firms are just as prone to ransomware attacks as any other company, and the potential ramifications of a network-crippling malware infection are wide-ranging for a service industry that holds the legal fate of corporations in its palm.

The energy in the legal industry surrounding artificial intelligence (AI) is undeniable. Law firms are investing in innovation or undertaking experiments to test the viability of applying AI-enabled tools to various disciplines. Legal professionals are packing presentations to learn if, how and when the heralded disruption will impact their careers.

A New York trial court judge struck a defendant's answer in a media-based breach of fiduciary duty and unfair competition suit, after finding that 2,000 emails, including attorney-client privileged information possessed by the plaintiffs, had been hacked and stolen.

Anthem Inc. has agreed to pay $115 million to settle claims related to the massive 2015 cyberattack that affected 78.8 million customers. If approved by U.S. District Judge Lucy Koh of the Northern District of California, the deal would be the largest data breach settlement in history.

The use of business email accounts and digital devices for personal communications can be risky for both employers and employees. However, employees of all levels may be commingling corporate communications with their personal information, according to new research.

Web pages are a treasure-trove of useful information for companies that are able to capture it using Web crawling (or scraping) technology. Yet, for over 20 years, courts have struggled to draw the line between the usefulness of such information and the rights of the content owners and website operators from which that content is derived. Once a niche issue, the increased use of this technology has compounded the disputes related to it.

Most Popular Stories

Add salary history to the growing list of inquires off limits to those who interview and evaluate prospective job candidates. Several cities and states have passed legislation that, broadly, prohibits a prospective employer in the private sector from asking questions about an applicant's compensation history.

Will big law firms and their partners benefit from the new Republican tax plan promoted by President Donald Trump? Not necessarily, according to tax experts who say some gains may be eroded by loss of crucial deductions.

Non-compete clauses in employment contracts typically seek to preclude employees from working for a competitor for a specific period of time and within a specific geographic area. Most states allow non-competition agreements, provided they are reasonable in scope and justified by the employer's legitimate business interests. California, however, generally prohibits covenants not to compete, subject to limited exceptions.